A LAN is a high-speed network (typically 10 to 1000 Mbps) that supports many computers connected over a limited distance (e.g., under a few hundred meters). Typically, a LAN spans a single building. U.S. Pat. No. 6,757,286 provides a general description of a LAN segment. A Virtual Local Area Network (VLAN) is a mechanism by which a group of devices on one or more LANs is configured using management software so that they can communicate as if they were attached to the same LAN, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.
Virtual Private Network (VPN) services provide secure network connections between different locations. A company, for example, can use a VPN to provide secure connections between geographically dispersed sites that need to access the corporate network. There are three types of VPN, classified by the network layer used to establish the connection between the customer and provider network: Layer 1 VPNs, which are simple point-to-point connections using Layer 1 circuits such as SONET; Layer 2 VPNs (L2VPNs), where the provider delivers Layer 2 circuits to the customer (one for each site) and provides switching of the customer data; and Layer 3 VPNs (L3VPNs), where the provider edge (PE) device participates in the customer's routing by managing the VPN-specific routing tables, as well as distributing routes to remote sites. In a Layer 3 IP VPN, customer sites are connected via IP routers, e.g., provider edge (PE) and intermediate provider (P) nodes, that can communicate privately over a shared backbone as if they are using their own private network. Multi-protocol label switching (MPLS) Border Gateway Protocol (BGP) networks are one type of L3VPN solution. An example of an IP-based Virtual Private Network is disclosed in U.S. Pat. No. 6,693,878. U.S. Pat. No. 6,665,273 describes an MPLS system within a network device for traffic engineering.
Virtual Private LAN Service (VPLS) has recently emerged as a L2VPN to meet the need to connect geographically dispersed locations with a protocol-transparent, any-to-any, full-mesh service. VPLS is an architecture that delivers Layer 2 service that in all respects emulates an Ethernet LAN across a wide area network (WAN) and inherits the scaling characteristics of a LAN. All customer sites in a VPLS appear to be on the same LAN, regardless of their locations. In other words, with VPLS, customers can communicate as if they were connected via a private Ethernet LAN segment. The basic idea behind VPLS is to set up a full-mesh of label switched paths (LSPs) between each PE router so that Media Access Control (MAC) frames received on the customer side can be switched based on their MAC addresses and then encapsulated into MPLS/IP packets on the P node side and sent across the VPLS domain over the full mesh. Conceptually, VPLS can therefore be thought of as an emulated Ethernet LAN segment connected by a set of virtual bridges or virtual Ethernet switches.
In multicast data transmission, data packets originating from a source node are delivered to a group of receiver nodes through a tree structure. (In contrast, unicast communications take place between a single sender and a single receiver.) Various mechanisms, such as the Protocol Independent Multicast (PIM) protocol, have been developed for establishing multicast distribution trees and routing packets across service provider (SP) networks. One commonly used approach uses a dynamic routing algorithm to build the multicast tree by allowing group member receiver nodes to join one-by-one. When a new receiver node attempts to join, it sends a Join request message along a computed path to join the group. The routing algorithm/protocol then connects the new receiver to the existing tree (rooted at the source) without affecting the other tree member nodes.
By way of further background, U.S. Pat. No. 6,078,590 teaches a method of routing multicast packets in a network. Content-based filtering of multicast information is disclosed in U.S. Pat. No. 6,055,364.
Recent VPLS working group drafts (draft-ietf-l2vpn-vpls-ldp-07.txt and draft-ietf-l2vpn-vpls-bgp-05) have no special handling specified for multicast data within a VPLS instance. That is, multicast data within a VPLS instance is treated the same as broadcast data and it is replicated over all the pseudo-wires (PWs) belonging to that VPLS instance at the ingress provider edge (PE) device. This ingress replication is very inefficient in terms of ingress PE and MPLS/IP core network resources. Furthermore, it is not viable for high bandwidth applications where replicating the multicast data N times may exceed the throughput of the ingress PE trunk. Therefore, SPs are interested in deploying multicast mechanisms in their VPLS-enabled networks that can reduce or eliminate ingress replication, e.g., either replicating the data over the PWs to the PE devices that are members of the multicast group(s) or only sending one copy of the data over each physical link among PE and P nodes destined to the PE devices that are members of the multicast group(s).
Two submissions in the Internet Engineering Task Force (IETF) L2VPN Working Group attempt to solve this problem. The first one (specified in draft-serbest-l2vpn-vpls-mcast-03.txt) uses Internet Group Management Protocol (IGMP)/PIM snooping to restrain multicast traffic over a full mesh of PWs belonging to a given VPLS. IGMP is a standard for IP multicasting in the Internet, and is defined in Request For Comments 1112 (RFC1112) for IGMP version 1 (IGMPv1), in RFC2236 for IGMPv2, and in RFC3376 for IGMPv3. (IGMPv3 includes a feature called Source Specific Multicast (SSM) that adds support for source filtering.) By snooping IGMP/PIM messages, the PE (i.e., switch or router) node can populate the Layer 2 (L2) forwarding table based on the content of the intercepted packets. Thus, a PE device can determine which PWs should be included in a multicast group for a given VPLS instance and only replicate the multicast data stream over that subset of PWs.
Although IGMP snooping helps to alleviate replication overhead, it does not completely eliminate the replication problem at the ingress PE. Therefore, this mechanism may not be viable for multicast applications with high bandwidth requirements because the aggregate data throughput after replication may exceed the bandwidth of the physical trunk at the ingress PE.
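The following sketch illustrates the snooping behavior and the residual ingress-replication load described in the two preceding paragraphs. It is an added example, not part of the cited drafts or of the disclosure; the class and function names, the pseudo-wire labels, the immediate removal on Leave, and the rejection of malformed messages are assumptions made for illustration, and only IGMPv2 (RFC2236) Report and Leave messages are handled.

```python
import socket
import struct

IGMP_V2_REPORT, IGMP_V2_LEAVE = 0x16, 0x17  # RFC 2236 message types

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum carried in every IGMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_igmp(msg_type: int, group: str) -> bytes:
    """Construct a sample 8-byte IGMPv2 message (constructed test input)."""
    body = struct.pack("!BBH4s", msg_type, 0, 0, socket.inet_aton(group))
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

class SnoopingTable:
    """Per-VPLS map: multicast group -> pseudo-wires (PWs) with members."""

    def __init__(self):
        self.members = {}

    def snoop(self, pw: str, igmp: bytes) -> bool:
        """Learn from one intercepted message; return False if rejected."""
        if len(igmp) != 8 or inet_checksum(igmp) != 0:
            return False  # truncated or corrupted: never learn state from it
        msg_type, _, _, raw = struct.unpack("!BBH4s", igmp)
        if not 224 <= raw[0] <= 239:
            return False  # group field is not an IPv4 multicast address
        group = socket.inet_ntoa(raw)
        if msg_type == IGMP_V2_REPORT:
            self.members.setdefault(group, set()).add(pw)
        elif msg_type == IGMP_V2_LEAVE:
            # Assumption: remove at once, without a group-specific query.
            self.members.get(group, set()).discard(pw)
        else:
            return False
        return True

    def egress_pws(self, group: str) -> set:
        """PWs the ingress PE must replicate this group's traffic over."""
        return set(self.members.get(group, set()))

def trunk_exceeded(stream_mbps: float, copies: int, trunk_mbps: float) -> bool:
    """True when ingress replication overruns the ingress PE trunk."""
    return stream_mbps * copies > trunk_mbps
```

Snooping shrinks the replication set from every PW in the VPLS to the PWs with members, but the ingress PE still sends one copy per member PW, so a high-rate stream with many member PEs can still exceed the trunk.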
The second IETF proposal (described in draft-raggarwa-l2vpn-vpls-mcast-01.txt) tries to address the shortcomings of the previous draft by using the multicast tree to transport customer multicast data of a given VPLS service instance. However, because the unicast and multicast paths for a given VPLS instance are different, this approach can result in numerous problems. The first problem involves packet re-ordering, wherein two consecutive frames are sent on two different paths, e.g., a first frame is sent on a multicast path because of an unknown destination unicast MAC address, with a second frame being sent on a unicast path after the path to the destination has been learned. If the unicast path is shorter than the multicast path, the second packet can arrive ahead of the first one.
Another problem with the second IETF proposal is that bridged control packets typically need to take the same path as unicast and multicast data, which means the unicast and multicast paths need to be aligned or congruent. If control packets are sent on unicast paths, any failure in the multicast path can go undetected. This situation is illustrated in FIG. 1, which shows a SP network 10 with a multicast tree 18 having a path through P nodes 14, 15, and 17 that connects PE nodes 11-13. A unicast path 19 is shown passing through P node 16. In this example, failure of P node 15 may go undetected if control packets are sent via unicast path 19. Furthermore, since unicast and multicast paths are usually different in the network core, Ethernet operations, administration, and management (OAM) connectivity check messages often cannot detect a path/node failure. Even if the failure is detected through some other means, notification of the failure to the originator of the Ethernet OAM becomes problematic.
What is needed, therefore, is a method and apparatus for eliminating ingress replication of multicast data within a VPLS instance that overcomes the aforementioned problems of the prior art.